AMENDMENTS TO THE CLAIMS

Please amend the claims as follows. 

1. (Currently Amended) A method of performing single sign-on services for a network 
of trusted partner sites comprising: 

a) generating, by a central service provider, assertion information comprising
identity information associated with a user that is authorized to sign on to
said network, each of said network of trusted partner sites
communicatively coupled together through a communication network;

b) generating, by said central service provider, a plurality of artifacts that are
associated with said assertion information; and

c) sending, by said central service provider, said plurality of artifacts to a group of
trusted partner sites of said network in order to facilitate single sign-on
capabilities of said network, wherein each of said artifacts allows access to
said assertion information so that each of said group of trusted partner
sites can use an artifact of said plurality of artifacts to retrieve said
assertion information from said central service provider to individually
authorize access by said user.

2. (Currently Amended) The method as described in Claim 1, wherein said a) further 



a1) receiving a sign-on request from said user;

a2) retrieving said identity information associated with said user from said central
service provider to authenticate said user; and

a3) authorizing said user access to said network when said user is authenticated.

3. (Original) The method as described in Claim 1, further comprising: 

d) receiving a first artifact of said plurality of artifacts through said
communication network from a first trusted partner site, said group of
trusted partner sites including said first trusted partner site;

e) authenticating said first artifact to said first trusted partner site; and

f) sending said assertion information to said first trusted partner site, transparently
to said user, to enable said first trusted partner site to authenticate said user
and authorize access to said first trusted partner site by said user.

4. (Currently Amended) The method as described in Claim 1, further comprising:

d) receiving a first artifact of said plurality of artifacts through said
communication network from a first trusted partner site not from said
group of trusted partner sites, wherein said first trusted partner site
received said first artifact from one of said group of trusted partner sites;

e) authenticating said first artifact; and

f) sending said assertion information to said first trusted partner site, transparently
to said user, to enable said first trusted partner site to authenticate said user
and authorize access to said first trusted partner site by said user.

5. (Original) The method as described in Claim 1, further comprising:

d) receiving other assertion information from a first trusted partner site of said
network of trusted partner sites, said assertion information comprising
data;

e) storing said other assertion information;

f) generating another artifact associated with said other assertion information; and

g) sending said another artifact to a second trusted partner site as directed by said
first trusted partner site to facilitate a transfer of said data from said first
trusted partner site to said second trusted partner site, wherein said another
artifact allows access to said other assertion information.

6. (Original) The method as described in Claim 1, wherein said assertion information
and said plurality of artifacts substantially comply with a Security Assertions Markup
Language (SAML) standard, and said network of trusted partner sites facilitates web
browser single sign-on capabilities using interoperational protocols substantially
complying with said SAML standard.

7. (Original) The method as described in Claim 1, wherein said a) further comprises:

sending said plurality of artifacts to a first trusted partner site of said group of 
trusted partner sites as directed by said user. 

8. (Currently Amended) The method as described in Claim 1, wherein said a) further 
comprises: 

sending said plurality of artifacts to a first trusted partner site of said group of 
trusted partner sites as directed by a second trusted partner site of said 
group of trusted partner sites authorized access to said assertion 
information. 

9. (Original) The method as described in Claim 1, wherein said c) further comprises: 

tagging each of said plurality of artifacts for use solely by a corresponding trusted 
partner site in said group of trusted partner sites. 

10. (Original) The method as described in Claim 1, further comprising:

d) expiring a first artifact after use of said first artifact by a trusted partner site to 
retrieve said assertion information. 

11. (Currently Amended) A method of performing single sign-on services for a network 
of trusted partner sites comprising: 

a) receiving a first artifact at a first trusted partner site from a central service
provider, said central service provider providing single sign-on access to
said network of trusted partner sites, said first artifact associated with
assertion information comprising identity information associated with a
user, said user desiring access to said first trusted partner site, each of said
network of trusted partner sites and said central service provider
communicatively coupled through a communication network;

b) sending said first artifact, by said first trusted partner site, to said central
service provider over said communication network to retrieve said
assertion information;

c) receiving said assertion information from said central service provider at said
first trusted partner site over said communication network; and

d) determining authorization for said user to access said first trusted partner site
based on said assertion information.

12. (Currently Amended) The method as described in Claim 11, further comprising: 

e) receiving a second artifact at a second trusted partner site from said central
service provider, said user desiring access to said second trusted partner
site, said second artifact associated with said assertion information;

f) sending, by said second trusted partner site, said second artifact to said central
service provider over said communication network to retrieve said
assertion information;

g) receiving said assertion information from said central service provider at said
second trusted partner site over said communication network; and

h) determining authorization for said user to access said second trusted partner
site based on said assertion information.

13. (Original) The method as described in Claim 11, wherein said central service provider
previously authorizing said user to sign-on to said network of trusted partner sites, 
said central service provider generating and storing said assertion information. 

14. (Original) The method as described in Claim 11, wherein said a) further comprises: 

said receiving said first artifact at said first trusted partner site from said central 
service provider at a direction by a second trusted partner site authorized 
access to said assertion information. 

15. (Original) The method as described in Claim 11, further comprising:

sending said first artifact to a second trusted partner site to facilitate access by 
said user to said second trusted partner site. 

16. (Original) The method as described in Claim 11, wherein said assertion information
and said first artifact substantially comply with a Security Assertions Markup
Language (SAML) standard, and said network of trusted partner sites facilitates web
browser single sign-on capabilities using interoperational protocols substantially
complying with said SAML standard.

17. (Original) The method as described in Claim 11, further comprising:

e) bypassing said b) and said c) by sending said first artifact to an assertion
manager controlling access to said assertion information for internal
access to said assertion information when said first trusted partner site is
co-located with said central service provider on a web container; and

f) receiving said assertion information from said assertion manager at said first
trusted partner site.

18. (Currently Amended) A computer system comprising: 

a processor; and 

a computer readable memory coupled to said processor and containing program 
instructions that, when executed, implement a method of performing 
single sign-on services for a network of trusted partner sites comprising: 

a) generating, by a central service provider, assertion information comprising
identity information associated with a user that is authorized to sign on to
said network, each of said network of trusted partner sites
communicatively coupled together through a communication network;

b) generating, by said central service provider, a plurality of artifacts that are
associated with said assertion information;

c) sending, by said central service provider, said plurality of artifacts to a group of
trusted partner sites of said network in order to facilitate single sign-on
capabilities of said network, wherein each of said artifacts allows access to
said assertion information so that each of said group of trusted partner
sites can use an artifact of said plurality of artifacts to retrieve said
assertion information from said central service provider to individually
authorize access by said user.

19. (Currently Amended) The computer system as described in Claim 18, wherein said a) 
in said method further comprises: 

a1) receiving a sign-on request from said user;

a2) retrieving said identity information associated with said user from said central
service provider to authenticate said user; and

a3) authorizing said user access to said network when said user is authenticated.

20. (Original) The computer system as described in Claim 18, wherein said method 
further comprises: 

d) receiving a first artifact of said plurality of artifacts through said
communication from a first trusted partner site, said group of trusted
partner sites including said first trusted partner site;

e) authenticating said first artifact to said first trusted partner site; and

f) sending said assertion information to said first trusted partner site, transparently
to said user, to enable said first trusted partner site to authenticate said user
and authorize access to said first trusted partner site by said user.

21. (Original) The computer system as described in Claim 18, wherein said method 
further comprises: 

d) receiving a first artifact of said plurality of artifacts through said
communication network from a first trusted partner site not from said
group of trusted partner sites, wherein said first trusted partner site
received said first artifact from one of said group of trusted partner sites;

e) authenticating said first artifact; and

f) sending said assertion information to said first trusted partner site, transparently
to said user, to enable said first trusted partner site to authenticate said user
and authorize access to said first trusted partner site by said user.

22. (Original) The computer system as described in Claim 18, wherein said method 
further comprises:

d) receiving other assertion information from a first trusted partner site of said
network of trusted partner sites, said assertion information comprising
data;

e) storing said other assertion information;

f) generating another artifact associated with said other assertion information; and

g) sending said another artifact to a second trusted partner site as directed by said
first trusted partner site to facilitate a transfer of said data from said first
trusted partner site to said second trusted partner site, wherein said another
artifact allows access to said other assertion information.

23. (Original) The computer system as described in Claim 18, wherein said assertion 
information and said plurality of artifacts substantially comply with a Security 
Assertions Markup Language (SAML) standard, and said network of trusted partner 
sites facilitates web browser single sign-on capabilities using interoperational 
protocols substantially complying with said SAML standard. 

24. (Currently Amended) The computer system as described in Claim 18, wherein said a) 
in said method further comprises:

sending said plurality of artifacts to a first trusted partner site of said group of 
trusted sites as directed by a second trusted partner site of said group of 
trusted sites authorized access to said assertion information. 

25. (Original) The computer system as described in Claim 18, wherein said c) in said 
method further comprises: 

tagging each of said plurality of artifacts for use solely by a corresponding trusted
partner site in said group of trusted partner sites. 

26. (Original) The computer system as described in Claim 18, wherein said method
further comprises:

d) expiring a first artifact after use of said first artifact by a trusted partner site to
retrieve said assertion information.
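
The central service provider behaviour recited in Claims 1, 9 and 10 (one artifact per trusted partner site for the same assertion information, each artifact tagged for use solely by its partner and expired after use), as an added Python example that is not part of the filing. The class and function names, the partner host names, the time limit and the premise that the requesting partner has already been authenticated are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass
class _Entry:
    assertion: dict      # identity information held by the central provider
    partner: str         # the only partner allowed to redeem this artifact
    expires_at: float    # assumption: a short time limit besides single use

class ArtifactStore:
    """Central service provider side: issues and resolves opaque artifacts."""

    def __init__(self, ttl_seconds=120.0, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}

    def issue(self, assertion, partners):
        """Create one unguessable artifact per partner for the same assertion."""
        issued = {}
        for partner in partners:
            artifact = secrets.token_urlsafe(32)  # carries no identity data
            self._entries[artifact] = _Entry(
                assertion, partner, self._clock() + self._ttl)
            issued[partner] = artifact
        return issued

    def resolve(self, artifact, requesting_partner):
        """Return the assertion once, to the tagged (authenticated) partner."""
        entry = self._entries.get(artifact)
        if entry is None:
            return None                      # unknown or already used
        if entry.partner != requesting_partner:
            return None                      # tagged for a different partner
        del self._entries[artifact]          # expire on first valid use
        if self._clock() > entry.expires_at:
            return None                      # too old to honour
        return entry.assertion

def demo():
    # Constructed sample data: partner names and subject are illustrative.
    store = ArtifactStore()
    arts = store.issue({"subject": "alice"}, ["shop.example", "mail.example"])
    first = store.resolve(arts["shop.example"], "shop.example")
    replay = store.resolve(arts["shop.example"], "shop.example")
    wrong = store.resolve(arts["mail.example"], "shop.example")
    right = store.resolve(arts["mail.example"], "mail.example")
    return first, replay, wrong, right
```

A wrong-partner request leaves the artifact in place, so another site cannot burn an artifact that was tagged for the intended partner.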



